Year: 2023

The Week in Cyber Security and Data Privacy: 16–22 October 2023

by

Welcome to a new series of weekly blog posts rounding up the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 (notice issued 20 October 2023).Breached organisation: City of Philadelphia, US.Incident details: An unauthorised party gained access to some employee email accounts and the information within them, including demographic, medical and

The post The Week in Cyber Security and Data Privacy: 16–22 October 2023 appeared first on IT Governance UK Blog.

How did the Okta Support breach impact 1Password?

by

1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had detected suspicious activity on its Okta instance on September 29, but excluded that user data was exposed. The activity is linked to the recent attack on the Okta … Read more

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

by

Hundreds of millions of PII records belonging to Indian residents, including Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web In early October, Resecurity’s HUNTER (HUMINT) unit identified hundreds of millions of personally identifiable information (PII) records … Read more

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

by

The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over four million individuals. The Spanish police have arrested 34 members of a cybercriminal group that is suspected to have stolen data of over four million individuals. The authorities conducted 16 searches in Madrid, Málaga, Huelva, … Read more

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

by

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The vulnerability is an unspecified issue in the web user interface. An attacker can chain this flaw with CVE-2023-20198 to leverage the new … Read more

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

by

Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Cisco last week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance … Read more

Cybersecurity And The Patching Paralysis Problem

by

Summary: With dozens of apps, systems and devices to keep up to date, many IT departments suffer from ‘patching paralysis’. Find out why patching paralysis happens, and how you can overcome it.  Key takeaways: Patching paralysis is very common It is caused by the sheer number of updates required across multiple systems Organizations struggle to […]

The post Cybersecurity And The Patching Paralysis Problem appeared first on Heimdal Security Blog.

Vulnerability Management Metrics: It’s Time to Look Past the Metrics Mirage

by

When it comes to managing security vulnerabilities, it helps to know your enemy. That’s why businesses rely on a set of vulnerability management metrics to help quantify how resilient they are and better inform their decisions on how to respond. The logic is clear: the more you know about the vulnerabilities out there and the […]

The post Vulnerability Management Metrics: It’s Time to Look Past the Metrics Mirage appeared first on Heimdal Security Blog.

Expert Insight: Leon Teale

by

Secure remote working tips and VPN insights from our senior penetration tester Leon Teale is a senior penetration tester at IT Governance. He has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, Leon has won hackathon events in the UK and internationally, and is accredited for multiple bug bounties. He’s also been featured in various articles relating to cyber security. We sat down to chat to him. What have organisations been asking you about lately? Well, for many people, working from home almost feels like the norm now. I

The post Expert Insight: Leon Teale appeared first on IT Governance UK Blog.

Strategic readiness: Effectively preparing for NIS2 compliance

by

EXECUTIVE SUMMARY: As we near the final stretch of Cyber Security Awareness Month, it’s time to expand our focus beyond passwords and multi-factor authentication (although they’re important too).   Within the U.K., France and Germany, just a handful of organizations (34%) are prepared for the EU’s updated Network and Information Security Directive (NIS2). Three-quarters of […]

The post Strategic readiness: Effectively preparing for NIS2 compliance appeared first on CyberTalk.